General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.
About General Topics
Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

Discussions

Resolved! security policy between layer 2 zones

Hi, I am new to Palo Alto, so this might be a dumb question, below is the setup I have been trying to get it to work -two layer2 zones; Zone1 and Zone2three PCs, PC1; PC2 and PC3PC1 in Zone1PC2 and PC3 are in Zone2all three PCs are on the same subnetquestion: I am trying to create a security policy to only allow PC1 to talk to PC2, and deny ever...

VPN and NAT query

Hi All, Can someone help me with a NAT over VPN. What I thought was correct isn't working and I have tried a number of combinations that all fail. The encryption domains are (based on Palo) Remote 85.90.253.239, local 192.168.90.228, to reach a server on IP 10.0.8.82. What would the NAT look like? Every combination that I think is correct doesn’...

a.jones by L3 Networker
  • 4597 Views
  • 3 replies
  • 0 Likes

Firewall bidirectional nat

I configured the bidirectional nat. After the configuration is complete, it can be accessed from the outside, but it cannot be accessed from the internal network. The link I visited is https://anyshare.positecgroup.com/#/The public address is 218.4.72.251.I put my configuration in the attachment, can you help me see where there is a problem?

image001(12-11-16-50-48).png
image002(12-11-16-50-48).png

Native Duo 2FA for GlobalProtect can't select Auth Profile or Auth Policy Zone

I'm moving to LDAP auth with Duo 2FA. We need a better answer than RADIUS as we've found Duo's Authentication Proxy functionally limited and crash-prone. Using Mitch Densley's video guide for PAN-OS 8.x as a starting point, I've gotten my Duo application set up, along with an authentication profile. However, when I try to create an Authenticatio...

Resolved! HIP Profiles in Global Protect

Hello, we tried to figure out if it´s possible to use HIP Profiles on Global Protect Client Configuration. We want to ristrict the User who is not matching the HIP Profile to connect to the Gateway. Normally, you can configure the HIP Objects on Policys, but we don´t want the user even connect to the VPN. Is there any Way we can do this ? Kind r...

Production issues with 9.0.4?

Hello Community!Has anyone made the jump to 9.0.4 on their production firewalls? I have read the release notes and installed it onto my lab unit. Just checking to see if anyone has had any issues outside of what is in the release notes. Currently we are running the 8.1 train. Cheers!

Resolved! PAN Device (in front of Alarm LED)

HiWhen We are used to run PAN DeviceUnfortunately PAN Device Occur FaultAfter that,,Alarm LED turn it on Red colorI checked CLI Command to see deep informationI got it cause,,TemperatureI solved a problemanyway,,in end of line What does means?,,10G physJaguarTigerDuneThat mean are aninmal something like thatgood bye~

Reboot / Shutdown options not displayed in Web UI if Role-Based Admin is used

Hi,I have created a role-based admin account with all rights enabled for the Web UI and superuser rights enabled for the CLI.After login to the Web UI using this account, under Device -> Setup -> Operations, the reboot/shutdown operations are not displayed. So i cannot reboot the device via the Web UI.If I go to the CLI (using the same acc...

zaphodbb by L1 Bithead
  • 8092 Views
  • 3 replies
  • 0 Likes

Query about admin credentials

Hello Team, We need your support to provide specific access to system admin user. We need to provide access one of system admin only for configuring VPN user & create system admin user. Kindly confirm can we create a custom admin profile for above task or any another way to restrict access. RegardsKarthikeyan Balamurugan

Resolved! Vwire connection between edge and distribution switch

We have stack of 2 edge switch and stack of 2 distribution switches.We have linkagg containing 2 ports running between them.IT is layer 2 connection only between edge and distro.Also we have MAnagement vlan on switch so that users can access it remotely Need to put PA in vwire mode.So for vwire I will have two pair of vwires and i will need to h...

vwire.png
MP18 by Cyber Elite
  • 4409 Views
  • 4 replies
  • 0 Likes

Not able to normalize UPN name retrieved from SAML assertion

Hi Team, We have configured SAML SSO authentication for Global protect. Microsoft Azure has the active directory we have configured it as identity provider and service provider as Palo alto global protect. Trust established between Idp and SP and we are able to authenticate portal using microsoft azure. But the problem in allowing list in authe...

Restrict GlobalProtect connection from a single Linux computer

Hi everyone, I must to implement some VPN access control based on computers. By this way, a user will only be able to connect to VPN if agent is executed from a specific computer. I have read the documentation but I don't find if I can restrict the computer from where a user connects to VPN. All VPN clients are Linux and the control can be based...

Resolved! "Wrong" IP netmask object definition

Hi,I am a new bee in PA. Can any answer very basic question.I have seen IP Netmask object defined with non-zero host portion and mask smaller then /32 in some firewall configurations..Like this: 192.168.1.1/24 . How does this work. Is that host object 192.168.1.1 or network object 192.168.1.0/24 . RegardsRoman

mikesr by L0 Member
  • 4531 Views
  • 3 replies
  • 0 Likes

Https traffic to http

Hi Guys, I have a webserver hosted for public access using http. Now I want to know is it possible to NAT traffic entering to palo alto as https from outside to http as inside. So user will try to connect server using public IP on port 443 their port would get transalated to port 80 and go to internal destination server using destination NAT. IN...

  • 24393 Posts
  • 123 Subscriptions
Top Solution Authors
Labels